diff --git a/src/aks-preview/azext_aks_preview/_help.py b/src/aks-preview/azext_aks_preview/_help.py index f2ec111f2bc..4f3995f4150 100644 --- a/src/aks-preview/azext_aks_preview/_help.py +++ b/src/aks-preview/azext_aks_preview/_help.py @@ -190,9 +190,6 @@ - name: --disable-rbac type: bool short-summary: Disable Kubernetes Role-Based Access Control. - - name: --enable-rbac -r - type: bool - short-summary: "Enable Kubernetes Role-Based Access Control. Default: enabled." - name: --max-pods -m type: int short-summary: The maximum number of pods deployable to a node. @@ -263,9 +260,6 @@ - name: --max-count type: int short-summary: Maximum nodes count used for autoscaler, when "--enable-cluster-autoscaler" specified. Please specify the value in the range of [1, 1000]. - - name: --cluster-autoscaler-profile - type: list - short-summary: Space-separated list of key=value pairs for configuring cluster autoscaler. Pass an empty string to clear the profile. - name: --vm-set-type type: string short-summary: Agent pool vm set type. VirtualMachineScaleSets or AvailabilitySet. @@ -324,9 +318,6 @@ - name: --appgw-name type: string short-summary: Name of the application gateway to create/use in the node resource group. Use with ingress-azure addon. - - name: --appgw-subnet-prefix - type: string - short-summary: Subnet Prefix to use for a new subnet created to deploy the Application Gateway. Use with ingress-azure addon. - name: --appgw-subnet-cidr type: string short-summary: Subnet CIDR to use for a new subnet created to deploy the Application Gateway. Use with ingress-azure addon. 
@@ -450,6 +441,12 @@ - name: --enable-keda type: bool short-summary: Enable KEDA workload auto-scaler. + - name: --enable-defender + type: bool + short-summary: Enable Microsoft Defender security profile. + - name: --defender-config + type: string + short-summary: Path to JSON file containing Microsoft Defender profile configurations. examples: - name: Create a Kubernetes cluster with an existing SSH public key. text: az aks create -g MyResourceGroup -n MyManagedCluster --ssh-key-value /path/to/publickey @@ -574,9 +571,6 @@ - name: --no-uptime-sla type: bool short-summary: Change a paid managed cluster to a free one. - - name: --cluster-autoscaler-profile - type: list - short-summary: Space-separated list of key=value pairs for configuring cluster autoscaler. Pass an empty string to clear the profile. - name: --load-balancer-managed-outbound-ip-count type: int short-summary: Load balancer managed outbound IP count. @@ -770,6 +764,15 @@ - name: --disable-keda type: bool short-summary: Disable KEDA workload auto-scaler. + - name: --enable-defender + type: bool + short-summary: Enable Microsoft Defender security profile. + - name: --disable-defender + type: bool + short-summary: Disable defender profile. + - name: --defender-config + type: string + short-summary: Path to JSON file containing Microsoft Defender profile configurations. examples: - name: Reconcile the cluster back to its current state. text: az aks update -g MyResourceGroup -n MyManagedCluster diff --git a/src/aks-preview/azext_aks_preview/_params.py b/src/aks-preview/azext_aks_preview/_params.py index d50d8e6f8a3..e0973f1b2da 100644 --- a/src/aks-preview/azext_aks_preview/_params.py +++ b/src/aks-preview/azext_aks_preview/_params.py @@ -112,6 +112,8 @@ validate_vm_set_type, validate_vnet_subnet_id, validate_enable_custom_ca_trust, + validate_defender_config_parameter, + validate_defender_disable_and_enable_parameters, ) # candidates for enumeration 
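Review bot: The `--defender-config` help entries added for `aks create` here and for `aks update` in the @@ -770 hunk do not say that the option is only accepted together with `--enable-defender`. `validate_defender_config_parameter`, added later in this diff, rejects it otherwise. I would state the dependency in the summary: `short-summary: Path to JSON file containing Microsoft Defender profile configurations. Requires --enable-defender.` The `--disable-defender` summary (`Disable defender profile.`) would also be clearer as `Disable Microsoft Defender security profile.`, so that turning off a security control is described in the same terms as turning it on.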
@@ -177,8 +179,6 @@ def load_arguments(self, _): c.argument('node_osdisk_diskencryptionset_id', options_list=['--node-osdisk-diskencryptionset-id', '-d']) c.argument('disable_local_accounts', action='store_true') c.argument('disable_rbac', action='store_true') - c.argument('enable_rbac', action='store_true', options_list=['--enable-rbac', '-r'], - deprecate_info=c.deprecate(redirect="--disable-rbac", hide="2.0.45")) c.argument('edge_zone', edge_zone_type) c.argument('admin_username', options_list=['--admin-username', '-u'], default='azureuser') c.argument('generate_ssh_keys', action='store_true', validator=validate_create_parameters) @@ -201,7 +201,8 @@ def load_arguments(self, _): c.argument('network_plugin', arg_type=get_enum_type(network_plugins)) c.argument('network_policy') c.argument('auto_upgrade_channel', arg_type=get_enum_type(auto_upgrade_channels)) - c.argument('cluster_autoscaler_profile', nargs='+') + c.argument('cluster_autoscaler_profile', nargs='+', options_list=["--cluster-autoscaler-profile", "--ca-profile"], + help="Space-separated list of key=value pairs for configuring cluster autoscaler. Pass an empty string to clear the profile.") c.argument('uptime_sla', action='store_true') c.argument('fqdn_subdomain') c.argument('api_server_authorized_ip_ranges', validator=validate_ip_ranges) 
@@ -223,15 +224,14 @@ def load_arguments(self, _): c.argument('windows_admin_username') c.argument('windows_admin_password') c.argument('enable_ahub') - c.argument('disable_ahub') + c.argument('enable_windows_gmsa', action='store_true') c.argument('gmsa_dns_server') c.argument('gmsa_root_domain_name') c.argument('attach_acr', acr_arg_type) c.argument('skip_subnet_role_assignment', action='store_true') - c.argument('disk_driver_version', arg_type=get_enum_type(disk_driver_versions)) - c.argument('disable_disk_driver', action='store_true') - c.argument('disable_file_driver', action='store_true') - c.argument('disable_snapshot_controller', action='store_true') + c.argument('node_resource_group') + c.argument('enable_defender', action='store_true') + c.argument('defender_config', validator=validate_defender_config_parameter) # addons c.argument('enable_addons', options_list=['--enable-addons', '-a'], validator=validate_addons) c.argument('workspace_resource_id') @@ -248,8 +248,7 @@ def load_arguments(self, _): # nodepool paramerters c.argument('nodepool_name', default='nodepool1', help='Node pool name, upto 12 alphanumeric characters', validator=validate_nodepool_name) - c.argument('node_vm_size', options_list=[ - '--node-vm-size', '-s'], completer=get_vm_size_completion_list) + c.argument('node_vm_size', options_list=['--node-vm-size', '-s'], completer=get_vm_size_completion_list) c.argument('os_sku', arg_type=get_enum_type(node_os_skus)) c.argument('snapshot_id', validator=validate_snapshot_id) c.argument('vnet_subnet_id', validator=validate_vnet_subnet_id) 
@@ -268,6 +267,7 @@ def load_arguments(self, _): c.argument('max_pods', type=int, options_list=['--max-pods', '-m']) c.argument('vm_set_type', validator=validate_vm_set_type) c.argument('enable_vmss', action='store_true', help='To be deprecated. Use vm_set_type instead.', deprecate_info=c.deprecate(redirect='--vm-set-type', hide=True)) + # TODO: remove node_zones after cli 2.38.0 release c.argument('node_zones', zones_type, options_list=['--node-zones'], help='(--node-zones will be deprecated) Space-separated list of availability zones where agent nodes will be placed.', deprecate_info=c.deprecate(redirect='--zones', hide='2.37.0')) c.argument('zones', zones_type, options_list=['--zones', '-z'], help='Space-separated list of availability zones where agent nodes will be placed.') c.argument('ppg') @@ -276,12 +276,10 @@ def load_arguments(self, _): c.argument('enable_fips_image', action='store_true') c.argument('kubelet_config') c.argument('linux_os_config') - c.argument('yes', options_list=[ - '--yes', '-y'], help='Do not prompt for confirmation.', action='store_true') + c.argument('yes', options_list=['--yes', '-y'], help='Do not prompt for confirmation.', action='store_true') c.argument('aks_custom_headers') # extensions # managed cluster - c.argument('node_resource_group') c.argument('http_proxy_config') c.argument('ip_families') c.argument('pod_cidrs') 
@@ -289,11 +287,20 @@ def load_arguments(self, _): c.argument('load_balancer_managed_outbound_ipv6_count', type=int) c.argument('enable_pod_security_policy', action='store_true') c.argument('enable_pod_identity', action='store_true') + c.argument('enable_pod_identity_with_kubenet', action='store_true') c.argument('enable_workload_identity', arg_type=get_three_state_flag()) c.argument('enable_oidc_issuer', action='store_true', is_preview=True) c.argument('enable_azure_keyvault_kms', action='store_true', is_preview=True) c.argument('azure_keyvault_kms_key_id', validator=validate_azure_keyvault_kms_key_id, is_preview=True) c.argument('cluster_snapshot_id', validator=validate_cluster_snapshot_id, is_preview=True) + c.argument('disk_driver_version', arg_type=get_enum_type(disk_driver_versions)) + c.argument('disable_disk_driver', action='store_true') + c.argument('disable_file_driver', action='store_true') + c.argument('disable_snapshot_controller', action='store_true') + c.argument('enable_apiserver_vnet_integration', action='store_true', is_preview=True) + c.argument('apiserver_subnet_id', validator=validate_apiserver_subnet_id, is_preview=True) + c.argument('dns_zone_resource_id') + c.argument('enable_keda', action='store_true', is_preview=True) # nodepool c.argument('host_group_id', validator=validate_host_group_id, is_preview=True) c.argument('crg_id', validator=validate_crg_id, is_preview=True) 
@@ -301,19 +308,14 @@ def load_arguments(self, _): c.argument('message_of_the_day') c.argument('gpu_instance_profile', arg_type=get_enum_type(gpu_instance_profiles)) c.argument('workload_runtime', arg_type=get_enum_type(workload_runtimes), default=CONST_WORKLOAD_RUNTIME_OCI_CONTAINER) - c.argument('enable_apiserver_vnet_integration', action='store_true', is_preview=True) - c.argument('apiserver_subnet_id', validator=validate_apiserver_subnet_id, is_preview=True) - c.argument('dns-zone-resource-id') # no validation for aks create because it already only supports Linux. c.argument('enable_custom_ca_trust', action='store_true') - c.argument('enable_keda', action='store_true', is_preview=True) with self.argument_context('aks update') as c: # managed cluster paramerters c.argument('disable_local_accounts', action='store_true') c.argument('enable_local_accounts', action='store_true') c.argument('load_balancer_managed_outbound_ip_count', type=int) - c.argument('load_balancer_managed_outbound_ipv6_count', type=int) c.argument('load_balancer_outbound_ips', validator=validate_load_balancer_outbound_ips) c.argument('load_balancer_outbound_ip_prefixes', validator=validate_load_balancer_outbound_ip_prefixes) c.argument('load_balancer_outbound_ports', type=int, validator=validate_load_balancer_outbound_ports) 
@@ -321,7 +323,8 @@ def load_arguments(self, _): c.argument('nat_gateway_managed_outbound_ip_count', type=int, validator=validate_nat_gateway_managed_outbound_ip_count) c.argument('nat_gateway_idle_timeout', type=int, validator=validate_nat_gateway_idle_timeout) c.argument('auto_upgrade_channel', arg_type=get_enum_type(auto_upgrade_channels)) - c.argument('cluster_autoscaler_profile', nargs='+') + c.argument('cluster_autoscaler_profile', nargs='+', options_list=["--cluster-autoscaler-profile", "--ca-profile"], + help="Space-separated list of key=value pairs for configuring cluster autoscaler. Pass an empty string to clear the profile.") c.argument('uptime_sla', action='store_true') c.argument('no_uptime_sla', action='store_true') c.argument('api_server_authorized_ip_ranges', validator=validate_ip_ranges) @@ -341,15 +344,11 @@ def load_arguments(self, _): c.argument('enable_windows_gmsa', action='store_true') c.argument('gmsa_dns_server') c.argument('gmsa_root_domain_name') - c.argument('enable_disk_driver', action='store_true') - c.argument('disk_driver_version', arg_type=get_enum_type(disk_driver_versions)) - c.argument('disable_disk_driver', action='store_true') - c.argument('enable_file_driver', action='store_true') - c.argument('disable_file_driver', action='store_true') - c.argument('enable_snapshot_controller', action='store_true') - c.argument('disable_snapshot_controller', action='store_true') c.argument('attach_acr', acr_arg_type, validator=validate_acr) c.argument('detach_acr', acr_arg_type, validator=validate_acr) + c.argument('disable_defender', action='store_true', validator=validate_defender_disable_and_enable_parameters) + c.argument('enable_defender', action='store_true') + c.argument('defender_config', validator=validate_defender_config_parameter) # addons c.argument('enable_secret_rotation', action='store_true') c.argument('disable_secret_rotation', action='store_true') 
@@ -365,121 +364,88 @@ def load_arguments(self, _): c.argument('max_count', type=int, validator=validate_nodes_count) c.argument('nodepool_labels', nargs='*', validator=validate_nodepool_labels, help='space-separated labels: key[=value] [key[=value] ...]. See https://aka.ms/node-labels for syntax of labels.') - c.argument('yes', options_list=[ - '--yes', '-y'], help='Do not prompt for confirmation.', action='store_true') + c.argument('yes', options_list=['--yes', '-y'], help='Do not prompt for confirmation.', action='store_true') c.argument('aks_custom_headers') # extensions # managed cluster c.argument('http_proxy_config') + c.argument('load_balancer_managed_outbound_ipv6_count', type=int) c.argument('enable_pod_security_policy', action='store_true') c.argument('disable_pod_security_policy', action='store_true') c.argument('enable_pod_identity', action='store_true') + c.argument('enable_pod_identity_with_kubenet', action='store_true') c.argument('disable_pod_identity', action='store_true') c.argument('enable_workload_identity', arg_type=get_three_state_flag()) c.argument('enable_oidc_issuer', action='store_true', is_preview=True) c.argument('enable_azure_keyvault_kms', action='store_true', is_preview=True) c.argument('azure_keyvault_kms_key_id', validator=validate_azure_keyvault_kms_key_id, is_preview=True) + c.argument('enable_disk_driver', action='store_true') + c.argument('disk_driver_version', arg_type=get_enum_type(disk_driver_versions)) + c.argument('disable_disk_driver', action='store_true') + c.argument('enable_file_driver', action='store_true') + c.argument('disable_file_driver', action='store_true') + c.argument('enable_snapshot_controller', action='store_true') + c.argument('disable_snapshot_controller', action='store_true') c.argument('enable_apiserver_vnet_integration', action='store_true', is_preview=True) c.argument('apiserver_subnet_id', validator=validate_apiserver_subnet_id, is_preview=True) c.argument('enable_keda', action='store_true', 
is_preview=True) c.argument('disable_keda', action='store_true', is_preview=True) - with self.argument_context('aks scale') as c: - c.argument('nodepool_name', - help='Node pool name, upto 12 alphanumeric characters', validator=validate_nodepool_name) - with self.argument_context('aks upgrade') as c: - c.argument('kubernetes_version', - completer=get_k8s_upgrades_completion_list) - c.argument('yes', options_list=[ - '--yes', '-y'], help='Do not prompt for confirmation.', action='store_true') + c.argument('kubernetes_version', completer=get_k8s_upgrades_completion_list) + c.argument('yes', options_list=['--yes', '-y'], help='Do not prompt for confirmation.', action='store_true') - with self.argument_context('aks maintenanceconfiguration') as c: - c.argument('cluster_name', help='The cluster name.') - - for scope in ['aks maintenanceconfiguration add', 'aks maintenanceconfiguration update']: - with self.argument_context(scope) as c: - c.argument('config_name', options_list=[ - '--name', '-n'], help='The config name.') - c.argument('config_file', options_list=[ - '--config-file'], help='The config json file.', required=False) - c.argument('weekday', options_list=[ - '--weekday'], help='weekday on which maintenance can happen. e.g. Monday', required=False) - c.argument('start_hour', type=int, options_list=[ - '--start-hour'], help='maintenance start hour of 1 hour window on the weekday. e.g. 
1 means 1:00am - 2:00am', required=False) - - for scope in ['aks maintenanceconfiguration show', 'aks maintenanceconfiguration delete']: - with self.argument_context(scope) as c: - c.argument('config_name', options_list=[ - '--name', '-n'], help='The config name.') + with self.argument_context('aks scale') as c: + c.argument('nodepool_name', help='Node pool name, upto 12 alphanumeric characters', validator=validate_nodepool_name) with self.argument_context('aks nodepool') as c: c.argument('cluster_name', help='The cluster name.') - for scope in ['aks nodepool add']: - with self.argument_context(scope) as c: - c.argument('nodepool_name', options_list=[ - '--name', '-n'], validator=validate_nodepool_name, help='The node pool name.') - c.argument('node_vm_size', options_list=[ - '--node-vm-size', '-s'], completer=get_vm_size_completion_list) - c.argument('os_type') - c.argument('os_sku', arg_type=get_enum_type(node_os_skus)) - c.argument('snapshot_id', validator=validate_snapshot_id) - c.argument('vnet_subnet_id', validator=validate_vnet_subnet_id) - c.argument('pod_subnet_id', validator=validate_pod_subnet_id) - c.argument('enable_node_public_ip', action='store_true') - c.argument('node_public_ip_prefix_id') - c.argument('enable_cluster_autoscaler', options_list=[ - "--enable-cluster-autoscaler", "-e"], action='store_true') - c.argument('min_count', type=int, validator=validate_nodes_count) - c.argument('max_count', type=int, validator=validate_nodes_count) - c.argument('priority', arg_type=get_enum_type(node_priorities), validator=validate_priority) - c.argument('eviction_policy', arg_type=get_enum_type(node_eviction_policies), validator=validate_eviction_policy) - c.argument('spot_max_price', type=float, - validator=validate_spot_max_price) - c.argument('labels', nargs='*', validator=validate_nodepool_labels) - c.argument('tags', tags_type) - c.argument('node_taints', validator=validate_taints) - c.argument('node_osdisk_type', 
arg_type=get_enum_type(node_os_disk_types)) - c.argument('node_osdisk_size', type=int) - c.argument('max_surge', validator=validate_max_surge) - c.argument('mode', arg_type=get_enum_type(node_mode_types)) - c.argument('scale_down_mode', arg_type=get_enum_type(scale_down_modes)) - c.argument('max_pods', type=int, options_list=['--max-pods', '-m']) - c.argument('node_zones', zones_type, options_list=['--node-zones'], help='(--node-zones will be deprecated) Space-separated list of availability zones where agent nodes will be placed.', deprecate_info=c.deprecate(redirect='--zones', hide='2.37.0')) - c.argument('zones', zones_type, options_list=['--zones', '-z'], help='Space-separated list of availability zones where agent nodes will be placed.') - c.argument('ppg') - c.argument('enable_encryption_at_host', options_list=[ - '--enable-encryption-at-host'], action='store_true') - c.argument('enable_ultra_ssd', action='store_true') - c.argument('enable_fips_image', action='store_true') - c.argument('kubelet_config') - c.argument('linux_os_config') - c.argument('aks_custom_headers') - c.argument('enable_custom_ca_trust', action='store_true', validator=validate_enable_custom_ca_trust) - # extensions - c.argument('host_group_id', validator=validate_host_group_id, is_preview=True) - c.argument('crg_id', validator=validate_crg_id, is_preview=True) - c.argument('message_of_the_day', validator=validate_message_of_the_day) - c.argument('workload_runtime', arg_type=get_enum_type(workload_runtimes), default=CONST_WORKLOAD_RUNTIME_OCI_CONTAINER) - c.argument('gpu_instance_profile', arg_type=get_enum_type(gpu_instance_profiles)) - - for scope in ['aks nodepool show', 'aks nodepool scale', 'aks nodepool upgrade', 'aks nodepool update']: - with self.argument_context(scope) as c: - c.argument('nodepool_name', options_list=[ - '--name', '-n'], validator=validate_nodepool_name, help='The node pool name.') - - with self.argument_context('aks nodepool delete') as c: - 
c.argument('nodepool_name', options_list=[ - '--name', '-n'], validator=validate_nodepool_name, help='The node pool name.') - c.argument('ignore_pod_disruption_budget', options_list=[ - "--ignore-pod-disruption-budget", "-i"], action=get_three_state_flag(), is_preview=True, - help='delete an AKS nodepool by ignoring PodDisruptionBudget setting') + for sub_command in ['add', 'update', 'upgrade', 'scale', 'show', 'list', 'delete']: + with self.argument_context('aks nodepool ' + sub_command) as c: + c.argument('nodepool_name', options_list=['--nodepool-name', '--name', '-n'], validator=validate_nodepool_name, help='The node pool name.') - with self.argument_context('aks nodepool upgrade') as c: + with self.argument_context('aks nodepool add') as c: + c.argument('node_vm_size', options_list=['--node-vm-size', '-s'], completer=get_vm_size_completion_list) + c.argument('os_type') + c.argument('os_sku', arg_type=get_enum_type(node_os_skus)) + c.argument('snapshot_id', validator=validate_snapshot_id) + c.argument('vnet_subnet_id', validator=validate_vnet_subnet_id) + c.argument('pod_subnet_id', validator=validate_pod_subnet_id) + c.argument('enable_node_public_ip', action='store_true') + c.argument('node_public_ip_prefix_id') + c.argument('enable_cluster_autoscaler', options_list=["--enable-cluster-autoscaler", "-e"], action='store_true') + c.argument('min_count', type=int, validator=validate_nodes_count) + c.argument('max_count', type=int, validator=validate_nodes_count) + c.argument('priority', arg_type=get_enum_type(node_priorities), validator=validate_priority) + c.argument('eviction_policy', arg_type=get_enum_type(node_eviction_policies), validator=validate_eviction_policy) + c.argument('spot_max_price', type=float, validator=validate_spot_max_price) + c.argument('labels', nargs='*', validator=validate_nodepool_labels) + c.argument('tags', tags_type) + c.argument('node_taints', validator=validate_taints) + c.argument('node_osdisk_type', 
arg_type=get_enum_type(node_os_disk_types)) + c.argument('node_osdisk_size', type=int) c.argument('max_surge', validator=validate_max_surge) + c.argument('mode', arg_type=get_enum_type(node_mode_types)) + c.argument('scale_down_mode', arg_type=get_enum_type(scale_down_modes)) + c.argument('max_pods', type=int, options_list=['--max-pods', '-m']) + # TODO: remove node_zones after cli 2.38.0 release + c.argument('node_zones', zones_type, options_list=['--node-zones'], help='(--node-zones will be deprecated) Space-separated list of availability zones where agent nodes will be placed.', deprecate_info=c.deprecate(redirect='--zones', hide='2.37.0')) + c.argument('zones', zones_type, options_list=['--zones', '-z'], help='Space-separated list of availability zones where agent nodes will be placed.') + c.argument('ppg') + c.argument('enable_encryption_at_host', action='store_true') + c.argument('enable_ultra_ssd', action='store_true') + c.argument('enable_fips_image', action='store_true') + c.argument('kubelet_config') + c.argument('linux_os_config') c.argument('aks_custom_headers') - c.argument('snapshot_id', validator=validate_snapshot_id) + # extensions + c.argument('host_group_id', validator=validate_host_group_id, is_preview=True) + c.argument('crg_id', validator=validate_crg_id, is_preview=True) + c.argument('message_of_the_day', validator=validate_message_of_the_day) + c.argument('workload_runtime', arg_type=get_enum_type(workload_runtimes), default=CONST_WORKLOAD_RUNTIME_OCI_CONTAINER) + c.argument('gpu_instance_profile', arg_type=get_enum_type(gpu_instance_profiles)) + c.argument('enable_custom_ca_trust', action='store_true', validator=validate_enable_custom_ca_trust) with self.argument_context('aks nodepool update') as c: c.argument('enable_cluster_autoscaler', options_list=[ 
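Review bot: The new `for sub_command in ['add', 'update', 'upgrade', 'scale', 'show', 'list', 'delete']` loop also registers `nodepool_name` for `aks nodepool list`, with `validate_nodepool_name` and the new `--nodepool-name` alias. None of the removed scope lists covered `list`. Whether the list command takes a node pool name is not visible in this diff; if it does not, drop `'list'` so the registrations match the command signatures. A one-line comment above the loop, e.g. `# shared --nodepool-name/--name/-n option for every nodepool sub-command that takes a pool name`, would record why the alias was introduced. The hunk ends inside the `aks nodepool update` context, whose body continues in the next hunk.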
@@ -496,9 +462,39 @@ def load_arguments(self, _): c.argument('max_surge', validator=validate_max_surge) c.argument('mode', arg_type=get_enum_type(node_mode_types)) c.argument('scale_down_mode', arg_type=get_enum_type(scale_down_modes)) + # extensions c.argument('enable_custom_ca_trust', action='store_true', validator=validate_enable_custom_ca_trust) c.argument('disable_custom_ca_trust', options_list=['--disable-custom-ca-trust', '--dcat'], action='store_true') + with self.argument_context('aks nodepool upgrade') as c: + c.argument('max_surge', validator=validate_max_surge) + c.argument('aks_custom_headers') + c.argument('snapshot_id', validator=validate_snapshot_id) + + with self.argument_context('aks nodepool delete') as c: + c.argument('ignore_pod_disruption_budget', options_list=[ + "--ignore-pod-disruption-budget", "-i"], action=get_three_state_flag(), is_preview=True, + help='delete an AKS nodepool by ignoring PodDisruptionBudget setting') + + with self.argument_context('aks maintenanceconfiguration') as c: + c.argument('cluster_name', help='The cluster name.') + + for scope in ['aks maintenanceconfiguration add', 'aks maintenanceconfiguration update']: + with self.argument_context(scope) as c: + c.argument('config_name', options_list=[ + '--name', '-n'], help='The config name.') + c.argument('config_file', options_list=[ + '--config-file'], help='The config json file.', required=False) + c.argument('weekday', options_list=[ + '--weekday'], help='weekday on which maintenance can happen. e.g. Monday', required=False) + c.argument('start_hour', type=int, options_list=[ + '--start-hour'], help='maintenance start hour of 1 hour window on the weekday. e.g. 
1 means 1:00am - 2:00am', required=False) + + for scope in ['aks maintenanceconfiguration show', 'aks maintenanceconfiguration delete']: + with self.argument_context(scope) as c: + c.argument('config_name', options_list=[ + '--name', '-n'], help='The config name.') + with self.argument_context('aks addon show') as c: c.argument('addon', options_list=[ '--addon', '-a'], validator=validate_addon) 
@@ -558,32 +554,23 @@ def load_arguments(self, _): c.argument('dns-zone-resource-id') with self.argument_context('aks disable-addons') as c: - c.argument('addons', options_list=[ - '--addons', '-a'], validator=validate_addons) + c.argument('addons', options_list=['--addons', '-a'], validator=validate_addons) with self.argument_context('aks enable-addons') as c: - c.argument('addons', options_list=[ - '--addons', '-a'], validator=validate_addons) + c.argument('addons', options_list=['--addons', '-a'], validator=validate_addons) c.argument('subnet_name', options_list=['--subnet-name', '-s']) c.argument('enable_sgxquotehelper', action='store_true') - c.argument('osm_mesh_name', options_list=['--osm-mesh-name']) - c.argument('appgw_name', options_list=[ - '--appgw-name'], arg_group='Application Gateway') - c.argument('appgw_subnet_prefix', options_list=[ - '--appgw-subnet-prefix'], arg_group='Application Gateway', deprecate_info=c.deprecate(redirect='--appgw-subnet-cidr', hide=True)) - c.argument('appgw_subnet_cidr', options_list=[ - '--appgw-subnet-cidr'], arg_group='Application Gateway') - c.argument('appgw_id', options_list=[ - '--appgw-id'], arg_group='Application Gateway') - c.argument('appgw_subnet_id', options_list=[ - '--appgw-subnet-id'], arg_group='Application Gateway') - c.argument('appgw_watch_namespace', options_list=[ - '--appgw-watch-namespace'], arg_group='Application Gateway') + c.argument('osm_mesh_name') + c.argument('appgw_name', arg_group='Application Gateway') + c.argument('appgw_subnet_prefix', arg_group='Application Gateway', deprecate_info=c.deprecate(redirect='--appgw-subnet-cidr', hide=True)) + c.argument('appgw_subnet_cidr', arg_group='Application Gateway') + c.argument('appgw_id', arg_group='Application Gateway') + c.argument('appgw_subnet_id', arg_group='Application Gateway') + c.argument('appgw_watch_namespace', arg_group='Application Gateway') c.argument('enable_secret_rotation', action='store_true') c.argument('rotation_poll_interval') 
c.argument('workspace_resource_id') - c.argument('enable_msi_auth_for_monitoring', - arg_type=get_three_state_flag(), is_preview=True) + c.argument('enable_msi_auth_for_monitoring', arg_type=get_three_state_flag(), is_preview=True) c.argument('dns-zone-resource-id') with self.argument_context('aks get-credentials') as c: diff --git a/src/aks-preview/azext_aks_preview/_validators.py b/src/aks-preview/azext_aks_preview/_validators.py index 479e84e17db..adff54d857e 100644 --- a/src/aks-preview/azext_aks_preview/_validators.py +++ b/src/aks-preview/azext_aks_preview/_validators.py @@ -12,7 +12,7 @@ from knack.log import get_logger -from azure.cli.core.azclierror import InvalidArgumentValueError, ArgumentUsageError +from azure.cli.core.azclierror import InvalidArgumentValueError, ArgumentUsageError, RequiredArgumentMissingError from azure.cli.core.commands.validators import validate_tag from azure.cli.core.util import CLIError import azure.cli.core.keys as keys @@ -593,3 +593,13 @@ def validate_enable_custom_ca_trust(namespace): if hasattr(namespace, 'os_type') and namespace.os_type != "Linux": raise ArgumentUsageError( '--enable_custom_ca_trust can only be set for Linux nodepools') + + +def validate_defender_config_parameter(namespace): + if namespace.defender_config and not namespace.enable_defender: + raise RequiredArgumentMissingError("Please specify --enable-defnder") + + +def validate_defender_disable_and_enable_parameters(namespace): + if namespace.disable_defender and namespace.enable_defender: + raise ArgumentUsageError('Providing both --disable-defender and --enable-defender flags is invalid') diff --git a/src/aks-preview/azext_aks_preview/custom.py b/src/aks-preview/azext_aks_preview/custom.py index 911763affd2..821e357ba7e 100644 --- a/src/aks-preview/azext_aks_preview/custom.py +++ b/src/aks-preview/azext_aks_preview/custom.py 
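Review bot: The context lines at both ends of this hunk still register `c.argument('dns-zone-resource-id')`, while the `aks create` block was switched to `c.argument('dns_zone_resource_id')` in the @@ -289 and @@ -301 hunks. Every other call in this file passes the underscore parameter name as the first argument, so the hyphenated form probably does not attach to any command parameter. I would make the remaining occurrences consistent: `c.argument('dns_zone_resource_id')`. The enclosing `load_arguments` body starts and ends outside the hunk.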
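Review bot: The error raised by `validate_defender_config_parameter` misspells the flag as `--enable-defnder`, so a user who copies it from the message gets an unrecognized option; it should be `raise RequiredArgumentMissingError("Please specify --enable-defender")`. On `aks update` the same branch also fires for `--disable-defender --defender-config <file>`, where asking the user to enable Defender is misleading. A separate check in `validate_defender_disable_and_enable_parameters` that rejects `--defender-config` together with `--disable-defender` would give a clearer message. Both validators check only how the flags are combined; whether the config path exists and parses as JSON is presumably handled where the file is loaded, which this diff does not show. A one-line docstring on each validator stating the rule it enforces would help.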
@@ -1,4 +1,3 @@ -# pylint: disable=too-many-lines # -------------------------------------------------------------------------------------------- # Copyright (c) Microsoft Corporation. All rights reserved. # Licensed under the MIT License. See License.txt in the project root for license information. @@ -24,8 +23,8 @@ import webbrowser from math import isnan -import colorama # pylint: disable=import-error -import yaml # pylint: disable=import-error +import colorama +import yaml from azure.cli.core.api import get_config_dir from azure.cli.core.azclierror import ( ArgumentUsageError, 
@@ -49,30 +48,29 @@ PasswordCredential, ServicePrincipalCreateParameters, ) -from dateutil.parser import parse # pylint: disable=import-error -from dateutil.relativedelta import relativedelta # pylint: disable=import-error +from dateutil.parser import parse +from dateutil.relativedelta import relativedelta from knack.log import get_logger -from knack.prompting import NoTTYException, prompt_pass, prompt_y_n +from knack.prompting import NoTTYException, prompt_y_n from knack.util import CLIError from msrestazure.azure_exceptions import CloudError -from six.moves.urllib.error import URLError # pylint: disable=import-error -from six.moves.urllib.request import urlopen # pylint: disable=import-error -from tabulate import tabulate # pylint: disable=import-error +from six.moves.urllib.error import URLError +from six.moves.urllib.request import urlopen +from tabulate import tabulate -from azext_aks_preview._client_factory import CUSTOM_MGMT_AKS_PREVIEW - -from ._client_factory import ( +from azext_aks_preview._client_factory import ( + CUSTOM_MGMT_AKS_PREVIEW, cf_agent_pools, cf_container_registry_service, - cf_nodepool_snapshots_client, cf_mc_snapshots_client, + cf_nodepool_snapshots_client, cf_storage, get_auth_management_client, get_graph_rbac_management_client, get_msi_client, get_resource_by_name, ) -from ._consts import ( +from azext_aks_preview._consts import ( ADDONS, ADDONS_DESCRIPTIONS, CONST_ACC_SGX_QUOTE_HELPER_ENABLED, @@ -92,12 +90,13 @@ CONST_MONITORING_ADDON_NAME, CONST_MONITORING_LOG_ANALYTICS_WORKSPACE_RESOURCE_ID, CONST_MONITORING_USING_AAD_MSI_AUTH, + CONST_NODEPOOL_MODE_USER, CONST_OPEN_SERVICE_MESH_ADDON_NAME, - CONST_PERISCOPE_REPO_ORG, CONST_PERISCOPE_CONTAINER_REGISTRY, - CONST_PERISCOPE_RELEASE_TAG, CONST_PERISCOPE_IMAGE_VERSION, CONST_PERISCOPE_NAMESPACE, + CONST_PERISCOPE_RELEASE_TAG, + CONST_PERISCOPE_REPO_ORG, CONST_ROTATION_POLL_INTERVAL, CONST_SCALE_DOWN_MODE_DELETE, CONST_SCALE_SET_PRIORITY_REGULAR, 
@@ -107,24 +106,22 @@ CONST_VIRTUAL_NODE_ADDON_NAME, CONST_VIRTUAL_NODE_SUBNET_NAME, ) -from ._helpers import ( - _trim_fqdn_name_containing_hcp, -) -from ._podidentity import ( +from azext_aks_preview._helpers import _trim_fqdn_name_containing_hcp +from azext_aks_preview._podidentity import ( _ensure_managed_identity_operator_permission, _ensure_pod_identity_addon_is_enabled, _fill_defaults_for_pod_identity_profile, _update_addon_pod_identity, ) -from ._resourcegroup import get_rg_location -from ._roleassignments import ( +from azext_aks_preview._resourcegroup import get_rg_location +from azext_aks_preview._roleassignments import ( add_role_assignment, build_role_scope, create_role_assignment, resolve_object_id, resolve_role_id, ) -from .addonconfiguration import ( +from azext_aks_preview.addonconfiguration import ( add_ingress_appgw_addon_role_assignment, add_monitoring_role_assignment, add_virtual_node_role_assignment, @@ -133,9 +130,17 @@ ensure_default_log_analytics_workspace_for_monitoring, sanitize_loganalytics_ws_resource_id, ) -from .maintenanceconfiguration import ( +from azext_aks_preview.aks_draft.commands import ( + aks_draft_cmd_create, + aks_draft_cmd_generate_workflow, + aks_draft_cmd_setup_gh, + aks_draft_cmd_up, + aks_draft_cmd_update, +) +from azext_aks_preview.maintenanceconfiguration import ( aks_maintenanceconfiguration_update_internal, ) + from .vendored_sdks.azure_mgmt_preview_aks.v2022_05_02_preview.models import ( AgentPool, AgentPoolUpgradeSettings, 
@@ -145,24 +150,15 @@ LinuxOSConfig, ManagedClusterAddonProfile, ManagedClusterHTTPProxyConfig, + ManagedClusterIngressProfile, + ManagedClusterIngressProfileWebAppRouting, ManagedClusterPodIdentity, ManagedClusterPodIdentityException, + ManagedClusterSnapshot, PowerState, Snapshot, - ManagedClusterSnapshot, SysctlConfig, UserAssignedIdentity, - ManagedClusterIngressProfile, - ManagedClusterIngressProfileWebAppRouting, - TrustedAccessRoleBinding, -) - -from azext_aks_preview.aks_draft.commands import ( - aks_draft_cmd_create, - aks_draft_cmd_setup_gh, - aks_draft_cmd_generate_workflow, - aks_draft_cmd_up, - aks_draft_cmd_update ) logger = get_logger(__name__) 
@@ -691,142 +687,152 @@ def aks_maintenanceconfiguration_update( return aks_maintenanceconfiguration_update_internal(cmd, client, resource_group_name, cluster_name, config_name, config_file, weekday, start_hour) -# pylint: disable=unused-argument,too-many-locals -def aks_create(cmd, - client, - resource_group_name, - name, - ssh_key_value, - dns_name_prefix=None, - location=None, - admin_username="azureuser", - windows_admin_username=None, - windows_admin_password=None, - enable_ahub=False, - kubernetes_version='', - node_vm_size=None, - node_osdisk_type=None, - node_osdisk_size=0, - node_osdisk_diskencryptionset_id=None, - node_count=3, - nodepool_name="nodepool1", - nodepool_tags=None, - nodepool_labels=None, - service_principal=None, client_secret=None, - no_ssh_key=False, - disable_rbac=None, - enable_rbac=None, - enable_vmss=None, - vm_set_type=None, - skip_subnet_role_assignment=False, - os_sku=None, - enable_fips_image=False, - enable_cluster_autoscaler=False, - cluster_autoscaler_profile=None, - network_plugin=None, - network_policy=None, - pod_cidr=None, - service_cidr=None, - pod_cidrs=None, - service_cidrs=None, - ip_families=None, - dns_service_ip=None, - docker_bridge_address=None, - load_balancer_sku=None, - load_balancer_managed_outbound_ip_count=None, - load_balancer_managed_outbound_ipv6_count=None, - load_balancer_outbound_ips=None, - load_balancer_outbound_ip_prefixes=None, - load_balancer_outbound_ports=None, - load_balancer_idle_timeout=None, - nat_gateway_managed_outbound_ip_count=None, - nat_gateway_idle_timeout=None, - outbound_type=None, - enable_addons=None, - workspace_resource_id=None, - enable_msi_auth_for_monitoring=False, - min_count=None, - max_count=None, - vnet_subnet_id=None, - pod_subnet_id=None, - ppg=None, - max_pods=0, - aad_client_app_id=None, - aad_server_app_id=None, - aad_server_app_secret=None, - aad_tenant_id=None, - tags=None, - node_zones=None, - zones=None, - enable_node_public_ip=False, - 
node_public_ip_prefix_id=None, - generate_ssh_keys=False, # pylint: disable=unused-argument - enable_pod_security_policy=False, - node_resource_group=None, - uptime_sla=False, - attach_acr=None, - enable_private_cluster=False, - private_dns_zone=None, - enable_managed_identity=True, - fqdn_subdomain=None, - disable_public_fqdn=False, - api_server_authorized_ip_ranges=None, - aks_custom_headers=None, - appgw_name=None, - appgw_subnet_prefix=None, - appgw_subnet_cidr=None, - appgw_id=None, - appgw_subnet_id=None, - appgw_watch_namespace=None, - enable_aad=False, - enable_azure_rbac=False, - aad_admin_group_object_ids=None, - aci_subnet_name=None, - enable_sgxquotehelper=False, - kubelet_config=None, - linux_os_config=None, - http_proxy_config=None, - assign_identity=None, - auto_upgrade_channel=None, - enable_pod_identity=False, - enable_pod_identity_with_kubenet=False, - enable_workload_identity=None, - enable_encryption_at_host=False, - enable_ultra_ssd=False, - edge_zone=None, - enable_secret_rotation=False, - disk_driver_version=None, - disable_disk_driver=False, - disable_file_driver=False, - disable_snapshot_controller=False, - rotation_poll_interval=None, - disable_local_accounts=False, - no_wait=False, - assign_kubelet_identity=None, - workload_runtime=None, - gpu_instance_profile=None, - enable_windows_gmsa=False, - gmsa_dns_server=None, - gmsa_root_domain_name=None, - snapshot_id=None, - cluster_snapshot_id=None, - enable_oidc_issuer=False, - host_group_id=None, - crg_id=None, - message_of_the_day=None, - enable_azure_keyvault_kms=False, - azure_keyvault_kms_key_id=None, - enable_apiserver_vnet_integration=False, - apiserver_subnet_id=None, - dns_zone_resource_id=None, - enable_custom_ca_trust=False, - enable_keda=False, - yes=False): +# pylint: disable=too-many-locals +def aks_create( + cmd, + client, + resource_group_name, + name, + ssh_key_value, + location=None, + kubernetes_version="", + tags=None, + dns_name_prefix=None, + 
node_osdisk_diskencryptionset_id=None, + disable_local_accounts=False, + disable_rbac=None, + edge_zone=None, + admin_username="azureuser", + generate_ssh_keys=False, + no_ssh_key=False, + pod_cidr=None, + service_cidr=None, + dns_service_ip=None, + docker_bridge_address=None, + load_balancer_sku=None, + load_balancer_managed_outbound_ip_count=None, + load_balancer_outbound_ips=None, + load_balancer_outbound_ip_prefixes=None, + load_balancer_outbound_ports=None, + load_balancer_idle_timeout=None, + nat_gateway_managed_outbound_ip_count=None, + nat_gateway_idle_timeout=None, + outbound_type=None, + network_plugin=None, + network_policy=None, + auto_upgrade_channel=None, + cluster_autoscaler_profile=None, + uptime_sla=False, + fqdn_subdomain=None, + api_server_authorized_ip_ranges=None, + enable_private_cluster=False, + private_dns_zone=None, + disable_public_fqdn=False, + service_principal=None, + client_secret=None, + enable_managed_identity=True, + assign_identity=None, + assign_kubelet_identity=None, + enable_aad=False, + enable_azure_rbac=False, + aad_admin_group_object_ids=None, + aad_client_app_id=None, + aad_server_app_id=None, + aad_server_app_secret=None, + aad_tenant_id=None, + windows_admin_username=None, + windows_admin_password=None, + enable_ahub=False, + enable_windows_gmsa=False, + gmsa_dns_server=None, + gmsa_root_domain_name=None, + attach_acr=None, + skip_subnet_role_assignment=False, + node_resource_group=None, + enable_defender=False, + defender_config=None, + # addons + enable_addons=None, + workspace_resource_id=None, + enable_msi_auth_for_monitoring=False, + aci_subnet_name=None, + appgw_name=None, + appgw_subnet_cidr=None, + appgw_id=None, + appgw_subnet_id=None, + appgw_watch_namespace=None, + enable_sgxquotehelper=False, + enable_secret_rotation=False, + rotation_poll_interval=None, + # nodepool paramerters + nodepool_name="nodepool1", + node_vm_size=None, + os_sku=None, + snapshot_id=None, + vnet_subnet_id=None, + pod_subnet_id=None, + 
enable_node_public_ip=False, + node_public_ip_prefix_id=None, + enable_cluster_autoscaler=False, + min_count=None, + max_count=None, + node_count=3, + nodepool_tags=None, + nodepool_labels=None, + node_osdisk_type=None, + node_osdisk_size=0, + vm_set_type=None, + # TODO: remove node_zones after cli 2.38.0 release + node_zones=None, + zones=None, + ppg=None, + max_pods=0, + enable_encryption_at_host=False, + enable_ultra_ssd=False, + enable_fips_image=False, + kubelet_config=None, + linux_os_config=None, + no_wait=False, + yes=False, + aks_custom_headers=None, + # extensions + # managed cluster + http_proxy_config=None, + ip_families=None, + pod_cidrs=None, + service_cidrs=None, + load_balancer_managed_outbound_ipv6_count=None, + enable_pod_security_policy=False, + enable_pod_identity=False, + enable_pod_identity_with_kubenet=False, + enable_workload_identity=None, + enable_oidc_issuer=False, + enable_azure_keyvault_kms=False, + azure_keyvault_kms_key_id=None, + cluster_snapshot_id=None, + disk_driver_version=None, + disable_disk_driver=False, + disable_file_driver=False, + disable_snapshot_controller=False, + enable_apiserver_vnet_integration=False, + apiserver_subnet_id=None, + dns_zone_resource_id=None, + enable_keda=False, + # nodepool + host_group_id=None, + crg_id=None, + message_of_the_day=None, + gpu_instance_profile=None, + workload_runtime=None, + enable_custom_ca_trust=False, +): # DO NOT MOVE: get all the original parameters and save them as a dictionary raw_parameters = locals() - from azure.cli.command_modules.acs._consts import DecoratorEarlyExitException + from azure.cli.command_modules.acs._consts import \ + DecoratorEarlyExitException from azure.cli.command_modules.acs.decorator import AKSParamDict + from .decorator import AKSPreviewCreateDecorator # decorator pattern 
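Review bot: The stand-alone `# pylint: disable=too-many-locals` line above `def aks_create(` sits at module level, so pylint applies it from that line to the end of the file rather than to this one function; the same stand-alone pragma is added above `aks_update`, `aks_agentpool_add` and `aks_agentpool_update` in later hunks, which suggests per-function scope was intended. Moving the pragma inside each function as the first line of its body keeps the suppression local. In `aks_create` it can sit directly above the `# DO NOT MOVE` comment, since a comment does not change what `locals()` captures. The section comment `# nodepool paramerters` (also in `aks_update`) should read `# nodepool parameters`. The body of `aks_create` continues outside this hunk.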
@@ -846,81 +852,94 @@ def aks_create(cmd, return aks_create_decorator.create_mc_preview(mc) -def aks_update(cmd, # pylint: disable=too-many-statements,too-many-branches,too-many-locals - client, - resource_group_name, - name, - enable_cluster_autoscaler=False, - disable_cluster_autoscaler=False, - update_cluster_autoscaler=False, - cluster_autoscaler_profile=None, - min_count=None, max_count=None, no_wait=False, - load_balancer_managed_outbound_ip_count=None, - load_balancer_managed_outbound_ipv6_count=None, - load_balancer_outbound_ips=None, - load_balancer_outbound_ip_prefixes=None, - load_balancer_outbound_ports=None, - load_balancer_idle_timeout=None, - nat_gateway_managed_outbound_ip_count=None, - nat_gateway_idle_timeout=None, - api_server_authorized_ip_ranges=None, - enable_pod_security_policy=False, - disable_pod_security_policy=False, - attach_acr=None, - detach_acr=None, - uptime_sla=False, - no_uptime_sla=False, - enable_aad=False, - aad_tenant_id=None, - aad_admin_group_object_ids=None, - enable_ahub=False, - disable_ahub=False, - aks_custom_headers=None, - auto_upgrade_channel=None, - enable_managed_identity=False, - assign_identity=None, - assign_kubelet_identity=None, - enable_pod_identity=False, - enable_pod_identity_with_kubenet=False, - disable_pod_identity=False, - enable_workload_identity=None, - enable_secret_rotation=False, - disable_secret_rotation=False, - rotation_poll_interval=None, - enable_disk_driver=False, - disk_driver_version=None, - disable_disk_driver=False, - enable_file_driver=False, - disable_file_driver=False, - enable_snapshot_controller=False, - disable_snapshot_controller=False, - disable_local_accounts=False, - enable_local_accounts=False, - enable_public_fqdn=False, - disable_public_fqdn=False, - yes=False, - tags=None, - nodepool_labels=None, - windows_admin_password=None, - enable_azure_rbac=False, - disable_azure_rbac=False, - enable_windows_gmsa=False, - gmsa_dns_server=None, - gmsa_root_domain_name=None, - 
enable_oidc_issuer=False, - http_proxy_config=None, - enable_azure_keyvault_kms=False, - azure_keyvault_kms_key_id=None, - enable_apiserver_vnet_integration=False, - apiserver_subnet_id=None, - enable_keda=False, - disable_keda=False, - ): +# pylint: disable=too-many-locals +def aks_update( + cmd, + client, + resource_group_name, + name, + tags=None, + disable_local_accounts=False, + enable_local_accounts=False, + load_balancer_managed_outbound_ip_count=None, + load_balancer_outbound_ips=None, + load_balancer_outbound_ip_prefixes=None, + load_balancer_outbound_ports=None, + load_balancer_idle_timeout=None, + nat_gateway_managed_outbound_ip_count=None, + nat_gateway_idle_timeout=None, + auto_upgrade_channel=None, + cluster_autoscaler_profile=None, + uptime_sla=False, + no_uptime_sla=False, + api_server_authorized_ip_ranges=None, + enable_public_fqdn=False, + disable_public_fqdn=False, + enable_managed_identity=False, + assign_identity=None, + assign_kubelet_identity=None, + enable_aad=False, + enable_azure_rbac=False, + disable_azure_rbac=False, + aad_tenant_id=None, + aad_admin_group_object_ids=None, + windows_admin_password=None, + enable_ahub=False, + disable_ahub=False, + enable_windows_gmsa=False, + gmsa_dns_server=None, + gmsa_root_domain_name=None, + attach_acr=None, + detach_acr=None, + enable_defender=False, + disable_defender=False, + defender_config=None, + # addons + enable_secret_rotation=False, + disable_secret_rotation=False, + rotation_poll_interval=None, + # nodepool paramerters + enable_cluster_autoscaler=False, + disable_cluster_autoscaler=False, + update_cluster_autoscaler=False, + min_count=None, + max_count=None, + nodepool_labels=None, + no_wait=False, + yes=False, + aks_custom_headers=None, + # extensions + # managed cluster + http_proxy_config=None, + load_balancer_managed_outbound_ipv6_count=None, + enable_pod_security_policy=False, + disable_pod_security_policy=False, + enable_pod_identity=False, + enable_pod_identity_with_kubenet=False, + 
disable_pod_identity=False, + enable_workload_identity=None, + enable_oidc_issuer=False, + enable_azure_keyvault_kms=False, + azure_keyvault_kms_key_id=None, + enable_disk_driver=False, + disk_driver_version=None, + disable_disk_driver=False, + enable_file_driver=False, + disable_file_driver=False, + enable_snapshot_controller=False, + disable_snapshot_controller=False, + enable_apiserver_vnet_integration=False, + apiserver_subnet_id=None, + enable_keda=False, + disable_keda=False, +): # DO NOT MOVE: get all the original parameters and save them as a dictionary raw_parameters = locals() - from azure.cli.command_modules.acs._consts import DecoratorEarlyExitException + from azure.cli.command_modules.acs._consts import \ + DecoratorEarlyExitException from azure.cli.command_modules.acs.decorator import AKSParamDict + from .decorator import AKSPreviewUpdateDecorator # decorator pattern 
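Review bot: `raw_parameters = locals()` snapshots every argument of `aks_update`, including `windows_admin_password`, and nothing next to it says that the dictionary holds a secret; in `aks_create` the same snapshot also carries `client_secret` and `aad_server_app_secret`. A comment beside the existing `# DO NOT MOVE` line would warn the next maintainer, for example `# raw_parameters contains credentials; never log or dump it as a whole`. Whether the decorator that receives the dictionary logs any of it is not visible in this hunk, so this is a documentation suggestion only. The function body continues outside the hunk.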
@@ -1647,52 +1666,57 @@ def aks_agentpool_list(cmd, # pylint: disable=unused-argument return client.list(resource_group_name, cluster_name) -def aks_agentpool_add(cmd, # pylint: disable=unused-argument,too-many-locals - client, - resource_group_name, - cluster_name, - nodepool_name, - kubernetes_version=None, - node_vm_size=None, - os_type=None, - os_sku=None, - vnet_subnet_id=None, - pod_subnet_id=None, - enable_node_public_ip=False, - node_public_ip_prefix_id=None, - enable_cluster_autoscaler=False, - min_count=None, - max_count=None, - node_count=3, - priority=CONST_SCALE_SET_PRIORITY_REGULAR, - eviction_policy=CONST_SPOT_EVICTION_POLICY_DELETE, - spot_max_price=float('nan'), - labels=None, - tags=None, - node_taints=None, - node_osdisk_type=None, - node_osdisk_size=0, - max_surge=None, - mode="User", - scale_down_mode=CONST_SCALE_DOWN_MODE_DELETE, - max_pods=0, - node_zones=None, - zones=None, - ppg=None, - enable_encryption_at_host=False, - enable_ultra_ssd=False, - enable_fips_image=False, - kubelet_config=None, - linux_os_config=None, - snapshot_id=None, - host_group_id=None, - crg_id=None, - message_of_the_day=None, - workload_runtime=None, - gpu_instance_profile=None, - enable_custom_ca_trust=False, - no_wait=False, - aks_custom_headers=None): +# pylint: disable=too-many-locals +def aks_agentpool_add( + cmd, + client, + resource_group_name, + cluster_name, + nodepool_name, + kubernetes_version=None, + node_vm_size=None, + os_type=None, + os_sku=None, + snapshot_id=None, + vnet_subnet_id=None, + pod_subnet_id=None, + enable_node_public_ip=False, + node_public_ip_prefix_id=None, + enable_cluster_autoscaler=False, + min_count=None, + max_count=None, + node_count=3, + priority=CONST_SCALE_SET_PRIORITY_REGULAR, + eviction_policy=CONST_SPOT_EVICTION_POLICY_DELETE, + spot_max_price=float("nan"), + labels=None, + tags=None, + node_taints=None, + node_osdisk_type=None, + node_osdisk_size=0, + max_surge=None, + mode=CONST_NODEPOOL_MODE_USER, + 
scale_down_mode=CONST_SCALE_DOWN_MODE_DELETE, + max_pods=0, + # TODO: remove node_zones after cli 2.38.0 release + node_zones=None, + zones=None, + ppg=None, + enable_encryption_at_host=False, + enable_ultra_ssd=False, + enable_fips_image=False, + kubelet_config=None, + linux_os_config=None, + no_wait=False, + aks_custom_headers=None, + # extensions + host_group_id=None, + crg_id=None, + message_of_the_day=None, + workload_runtime=None, + gpu_instance_profile=None, + enable_custom_ca_trust=False, +): instances = client.list(resource_group_name, cluster_name) for agentpool_profile in instances: if agentpool_profile.name == nodepool_name: 
@@ -1802,100 +1826,30 @@ def aks_agentpool_add(cmd, # pylint: disable=unused-argument,too-many-local return sdk_no_wait(no_wait, client.begin_create_or_update, resource_group_name, cluster_name, nodepool_name, agent_pool, headers=headers) -def aks_agentpool_scale(cmd, # pylint: disable=unused-argument - client, - resource_group_name, - cluster_name, - nodepool_name, - node_count=3, - no_wait=False): - instance = client.get(resource_group_name, cluster_name, nodepool_name) - new_node_count = int(node_count) - if instance.enable_auto_scaling: - raise CLIError("Cannot scale cluster autoscaler enabled node pool.") - if new_node_count == instance.count: - raise CLIError( - "The new node count is the same as the current node count.") - instance.count = new_node_count # pylint: disable=no-member - return sdk_no_wait(no_wait, client.begin_create_or_update, resource_group_name, cluster_name, nodepool_name, instance) - - -def aks_agentpool_upgrade(cmd, # pylint: disable=unused-argument - client, - resource_group_name, - cluster_name, - nodepool_name, - kubernetes_version='', - no_wait=False, - node_image_only=False, - max_surge=None, - aks_custom_headers=None, - snapshot_id=None): - - if kubernetes_version != '' and node_image_only: - raise CLIError('Conflicting flags. Upgrading the Kubernetes version will also upgrade node image version.' 
- 'If you only want to upgrade the node version please use the "--node-image-only" option only.') - - if node_image_only: - return _upgrade_single_nodepool_image_version(no_wait, - client, - resource_group_name, - cluster_name, - nodepool_name, - snapshot_id) - - creationData = None - if snapshot_id: - snapshot = _get_snapshot(cmd.cli_ctx, snapshot_id) - if not kubernetes_version and not node_image_only: - kubernetes_version = snapshot.kubernetes_version - - creationData = CreationData( - source_resource_id=snapshot_id - ) - - instance = client.get(resource_group_name, cluster_name, nodepool_name) - instance.orchestrator_version = kubernetes_version - instance.creation_data = creationData - - if not instance.upgrade_settings: - instance.upgrade_settings = AgentPoolUpgradeSettings() - - if max_surge: - instance.upgrade_settings.max_surge = max_surge - - headers = get_aks_custom_headers(aks_custom_headers) - - return sdk_no_wait(no_wait, client.begin_create_or_update, resource_group_name, cluster_name, nodepool_name, instance, headers=headers) - - -def aks_agentpool_get_upgrade_profile(cmd, # pylint: disable=unused-argument - client, - resource_group_name, - cluster_name, - nodepool_name): - return client.get_upgrade_profile(resource_group_name, cluster_name, nodepool_name) - - -def aks_agentpool_update(cmd, # pylint: disable=unused-argument - client, - resource_group_name, - cluster_name, - nodepool_name, - enable_cluster_autoscaler=False, - disable_cluster_autoscaler=False, - update_cluster_autoscaler=False, - min_count=None, max_count=None, - labels=None, - tags=None, - node_taints=None, - max_surge=None, - mode=None, - scale_down_mode=None, - enable_custom_ca_trust=False, - disable_custom_ca_trust=False, - no_wait=False, - aks_custom_headers=None): +# pylint: disable=too-many-locals +def aks_agentpool_update( + cmd, + client, + resource_group_name, + cluster_name, + nodepool_name, + enable_cluster_autoscaler=False, + disable_cluster_autoscaler=False, + 
update_cluster_autoscaler=False, + min_count=None, + max_count=None, + labels=None, + tags=None, + node_taints=None, + max_surge=None, + mode=None, + scale_down_mode=None, + no_wait=False, + aks_custom_headers=None, + # extensions + enable_custom_ca_trust=False, + disable_custom_ca_trust=False, +): update_autoscaler = enable_cluster_autoscaler + \ disable_cluster_autoscaler + update_cluster_autoscaler 
@@ -1989,6 +1943,81 @@ def aks_agentpool_update(cmd, # pylint: disable=unused-argument return sdk_no_wait(no_wait, client.begin_create_or_update, resource_group_name, cluster_name, nodepool_name, instance) +def aks_agentpool_scale(cmd, # pylint: disable=unused-argument + client, + resource_group_name, + cluster_name, + nodepool_name, + node_count=3, + no_wait=False): + instance = client.get(resource_group_name, cluster_name, nodepool_name) + new_node_count = int(node_count) + if instance.enable_auto_scaling: + raise CLIError("Cannot scale cluster autoscaler enabled node pool.") + if new_node_count == instance.count: + raise CLIError( + "The new node count is the same as the current node count.") + instance.count = new_node_count # pylint: disable=no-member + return sdk_no_wait(no_wait, client.begin_create_or_update, resource_group_name, cluster_name, nodepool_name, instance) + + +def aks_agentpool_upgrade(cmd, # pylint: disable=unused-argument + client, + resource_group_name, + cluster_name, + nodepool_name, + kubernetes_version='', + no_wait=False, + node_image_only=False, + max_surge=None, + aks_custom_headers=None, + snapshot_id=None): + + if kubernetes_version != '' and node_image_only: + raise CLIError('Conflicting flags. Upgrading the Kubernetes version will also upgrade node image version.' 
+ 'If you only want to upgrade the node version please use the "--node-image-only" option only.') + + if node_image_only: + return _upgrade_single_nodepool_image_version(no_wait, + client, + resource_group_name, + cluster_name, + nodepool_name, + snapshot_id) + + creationData = None + if snapshot_id: + snapshot = _get_snapshot(cmd.cli_ctx, snapshot_id) + if not kubernetes_version and not node_image_only: + kubernetes_version = snapshot.kubernetes_version + + creationData = CreationData( + source_resource_id=snapshot_id + ) + + instance = client.get(resource_group_name, cluster_name, nodepool_name) + instance.orchestrator_version = kubernetes_version + instance.creation_data = creationData + + if not instance.upgrade_settings: + instance.upgrade_settings = AgentPoolUpgradeSettings() + + if max_surge: + instance.upgrade_settings.max_surge = max_surge + + headers = get_aks_custom_headers(aks_custom_headers) + + return sdk_no_wait(no_wait, client.begin_create_or_update, resource_group_name, cluster_name, nodepool_name, instance, headers=headers) + + +def aks_agentpool_get_upgrade_profile(cmd, # pylint: disable=unused-argument + client, + resource_group_name, + cluster_name, + nodepool_name): + return client.get_upgrade_profile(resource_group_name, cluster_name, nodepool_name) + + def aks_agentpool_stop(cmd, # pylint: disable=unused-argument client, resource_group_name, @@ -3353,6 +3382,11 @@ def aks_trustedaccess_role_binding_get(cmd, client, resource_group_name, cluster def aks_trustedaccess_role_binding_create_or_update(cmd, client, resource_group_name, cluster_name, role_binding_name, source_resource_id, roles): + TrustedAccessRoleBinding = cmd.get_models( + "TrustedAccessRoleBinding", + resource_type=CUSTOM_MGMT_AKS_PREVIEW, + operation_group="trusted_access_role_bindings", + ) roleBinding = TrustedAccessRoleBinding(source_resource_id=source_resource_id, roles=roles) return client.create_or_update(resource_group_name, cluster_name, role_binding_name, roleBinding) 
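Review bot: The `CLIError` message in `aks_agentpool_upgrade` is built from two adjacent string literals with no space between them, so the user sees `...node image version.If you only want...`; the first literal should end with a space, `'... will also upgrade node image version. '`. In the same function, `not node_image_only` in `if not kubernetes_version and not node_image_only:` is always true there, because the `node_image_only` case has already returned, so the test can be `if not kubernetes_version:`. These functions are moved unchanged from earlier in the file, so both points predate the commit, but the move is a convenient moment to fix them.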
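Review bot: `aks_trustedaccess_role_binding_create_or_update` hands `roles` to the `TrustedAccessRoleBinding` model exactly as received, and it has no docstring saying what shape that argument must have. Since this call presumably determines which roles the source resource is given on the cluster, the expected type is worth stating, for example `"""Bind roles to source_resource_id on the cluster; roles is expected to be a list of role names (confirm against the argument definition)."""`. If the CLI option delivers a single comma-separated string, it would need splitting before the model is built; the argument registration is not part of this hunk, so that is unverified.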
diff --git a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py index c11666ff341..2222c09f16e 100644 --- a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py +++ b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py 
@@ -574,32 +574,23 @@ def get_workload_identity_profile(self) -> Optional[ManagedClusterSecurityProfil :return: Optional[ManagedClusterSecurityProfileWorkloadIdentity] """ + # NOTE: enable_workload_identity can be one of: + # + # - True: sets by user, to enable the workload identity feature + # - False: sets by user, to disable the workload identity feature + # - None: user unspecified, don't set the profile and let server side to backfill enable_workload_identity = self.raw_param.get("enable_workload_identity") - disable_workload_identity = self.raw_param.get("disable_workload_identity") - if self.decorator_mode == DecoratorMode.CREATE: - # CREATE mode has no --disable-workload-identity flag - disable_workload_identity = None - if enable_workload_identity is None and disable_workload_identity is None: - # no flags have been set, return None; server side will backfill the default/existing value + if enable_workload_identity is None: return None - if enable_workload_identity and disable_workload_identity: - raise MutuallyExclusiveArgumentError( - "Cannot specify --enable-workload-identity and " - "--disable-workload-identity at the same time." - ) - profile = self.models.ManagedClusterSecurityProfileWorkloadIdentity() - if self.decorator_mode == DecoratorMode.CREATE: - profile.enabled = bool(enable_workload_identity) - elif self.decorator_mode == DecoratorMode.UPDATE: + if self.decorator_mode == DecoratorMode.UPDATE: if self.mc.security_profile is not None and self.mc.security_profile.workload_identity is not None: + # reuse previous profile is has been set profile = self.mc.security_profile.workload_identity - if enable_workload_identity: - profile.enabled = True - elif disable_workload_identity: - profile.enabled = False + + profile.enabled = bool(enable_workload_identity) if profile.enabled: # in enable case, we need to check if OIDC issuer has been enabled 
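Review bot: The True/False/None contract in the new NOTE comment only holds if `enable_workload_identity` reaches this method as a real bool or None, because `profile.enabled = bool(enable_workload_identity)` turns any non-empty string, including `"false"`, into True. How the option is parsed is not visible in this diff, so this is a precaution: an explicit check such as `if not isinstance(enable_workload_identity, bool): raise InvalidArgumentValueError(...)` before the assignment would make a mis-registered argument fail loudly instead of silently enabling the profile (use whichever error class the module already imports). The new comment `# reuse previous profile is has been set` should read `# reuse the previous profile if it has been set`. The method continues past the end of the hunk with the OIDC issuer check.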
@@ -1434,7 +1425,7 @@ def construct_mc_profile_preview(self, bypass_restore_defaults: bool = False) -> :return: the ManagedCluster object """ - # construct the default AgentPool profile + # DO NOT MOVE: keep this on top, construct the default AgentPool profile mc = self.construct_mc_profile_default(bypass_restore_defaults=True) # set up http proxy config @@ -1726,8 +1717,9 @@ def update_mc_profile_preview(self) -> ManagedCluster: :return: the ManagedCluster object """ - # update the default ManagedCluster profile + # DO NOT MOVE: keep this on top, fetch and update the default ManagedCluster profile mc = self.update_mc_profile_default() + # set up http proxy config mc = self.update_http_proxy_config(mc) # update pod security policy diff --git a/src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_create_with_ingress_appgw_addon_with_deprecated_subet_prefix.yaml b/src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_create_with_ingress_appgw_addon_with_deprecated_subet_prefix.yaml deleted file mode 100755 index b75df837266..00000000000 --- a/src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_create_with_ingress_appgw_addon_with_deprecated_subet_prefix.yaml +++ /dev/null 
@@ -1,638 +0,0 @@ -interactions: -- request: - body: null - headers: - Accept: - - application/json - Accept-Encoding: - - gzip, deflate - CommandName: - - aks create - Connection: - - keep-alive - ParameterSetName: - - --resource-group --name --enable-managed-identity -a --appgw-subnet-prefix - --ssh-key-value -o - User-Agent: - - AZURECLI/2.37.0 azsdk-python-azure-mgmt-resource/21.1.0b1 Python/3.8.10 (Linux-5.13.0-1025-azure-x86_64-with-glibc2.29) - method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001?api-version=2021-04-01 - response: - body: - string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001","name":"clitest000001","type":"Microsoft.Resources/resourceGroups","location":"westus2","tags":{"product":"azurecli","cause":"automation","date":"2022-06-02T06:27:31Z"},"properties":{"provisioningState":"Succeeded"}}' - headers: - cache-control: - - no-cache - content-length: - - '305' - content-type: - - application/json; charset=utf-8 - date: - - Thu, 02 Jun 2022 06:27:31 GMT - expires: - - '-1' - pragma: - - no-cache - strict-transport-security: - - max-age=31536000; includeSubDomains - vary: - - Accept-Encoding - x-content-type-options: - - nosniff - status: - code: 200 - message: OK -- request: - body: '{"location": "westus2", "identity": {"type": "SystemAssigned"}, "properties": - {"kubernetesVersion": "", "dnsPrefix": "cliakstest-clitestxjvd625rb-8ecadf", - "agentPoolProfiles": [{"count": 3, "vmSize": "Standard_DS2_v2", "workloadRuntime": - "OCIContainer", "osType": "Linux", "enableAutoScaling": false, "type": "VirtualMachineScaleSets", - "mode": "System", "enableNodePublicIP": false, "enableCustomCATrust": false, - "scaleSetPriority": "Regular", "scaleSetEvictionPolicy": "Delete", "spotMaxPrice": - -1.0, "enableEncryptionAtHost": false, "enableUltraSSD": false, "enableFIPS": - false, "name": "nodepool1"}], "linuxProfile": {"adminUsername": 
"azureuser", - "ssh": {"publicKeys": [{"keyData": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCfHAws2mKUr7m0Nr7rsXv80E79Dxfa95HPax+o9LqnPAxxa6WEaaLh8csiM15TOL4DBSGxfUisO61Qdx6zMDV3R0jIx9R2UQ94OEjjN0wi1LwbuESMCLoJvsI41U3+QD871NJVWQ+ySSlG9EiMgMJLnmUapOvZDJhV64rI4qvegZEQqoAP0SiKxTdOnzaPc+X9Iz0wAoPSXfwZYNiLsVbknnwADlxx+v5cujFO7X5lThCcBrdt5OBzOplsDMmk7uEpbVhER5oLjU0rw9/sWhrxF+hJO4L2QTnwFBpE0o2jTyuCsvS5l1OSjO/IX3M6avQT8oD7zvSQULCaOXmWr1H1 - azcli_aks_live_test@example.com\n"}]}}, "addonProfiles": {"ingressApplicationGateway": - {"enabled": true, "config": {"subnetCIDR": "10.232.0.0/16"}}}, "enableRBAC": - true, "enablePodSecurityPolicy": false, "networkProfile": {"networkPlugin": - "kubenet", "podCidr": "10.244.0.0/16", "serviceCidr": "10.0.0.0/16", "dnsServiceIP": - "10.0.0.10", "dockerBridgeCidr": "172.17.0.1/16", "outboundType": "loadBalancer", - "loadBalancerSku": "standard"}, "disableLocalAccounts": false, "storageProfile": - {}}}' - headers: - Accept: - - application/json - Accept-Encoding: - - gzip, deflate - CommandName: - - aks create - Connection: - - keep-alive - Content-Length: - - '1560' - Content-Type: - - application/json - ParameterSetName: - - --resource-group --name --enable-managed-identity -a --appgw-subnet-prefix - --ssh-key-value -o - User-Agent: - - AZURECLI/2.37.0 azsdk-python-azure-mgmt-containerservice/19.1.0b Python/3.8.10 - (Linux-5.13.0-1025-azure-x86_64-with-glibc2.29) - method: PUT - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2022-05-02-preview - response: - body: - string: "{\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002\",\n - \ \"location\": \"westus2\",\n \"name\": \"cliakstest000002\",\n \"type\": - \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\": {\n 
\"provisioningState\": - \"Creating\",\n \"powerState\": {\n \"code\": \"Running\"\n },\n \"kubernetesVersion\": - \"1.22.6\",\n \"currentKubernetesVersion\": \"1.22.6\",\n \"dnsPrefix\": - \"cliakstest-clitestxjvd625rb-8ecadf\",\n \"fqdn\": \"cliakstest-clitestxjvd625rb-8ecadf-46e7c305.hcp.westus2.azmk8s.io\",\n - \ \"azurePortalFQDN\": \"cliakstest-clitestxjvd625rb-8ecadf-46e7c305.portal.hcp.westus2.azmk8s.io\",\n - \ \"agentPoolProfiles\": [\n {\n \"name\": \"nodepool1\",\n \"count\": - 3,\n \"vmSize\": \"Standard_DS2_v2\",\n \"osDiskSizeGB\": 128,\n \"osDiskType\": - \"Managed\",\n \"kubeletDiskType\": \"OS\",\n \"workloadRuntime\": - \"OCIContainer\",\n \"maxPods\": 110,\n \"type\": \"VirtualMachineScaleSets\",\n - \ \"enableAutoScaling\": false,\n \"provisioningState\": \"Creating\",\n - \ \"powerState\": {\n \"code\": \"Running\"\n },\n \"orchestratorVersion\": - \"1.22.6\",\n \"enableNodePublicIP\": false,\n \"enableCustomCATrust\": - false,\n \"mode\": \"System\",\n \"enableEncryptionAtHost\": false,\n - \ \"enableUltraSSD\": false,\n \"osType\": \"Linux\",\n \"osSKU\": - \"Ubuntu\",\n \"nodeImageVersion\": \"AKSUbuntu-1804gen2containerd-2022.05.16\",\n - \ \"enableFIPS\": false\n }\n ],\n \"linuxProfile\": {\n \"adminUsername\": - \"azureuser\",\n \"ssh\": {\n \"publicKeys\": [\n {\n \"keyData\": - \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCfHAws2mKUr7m0Nr7rsXv80E79Dxfa95HPax+o9LqnPAxxa6WEaaLh8csiM15TOL4DBSGxfUisO61Qdx6zMDV3R0jIx9R2UQ94OEjjN0wi1LwbuESMCLoJvsI41U3+QD871NJVWQ+ySSlG9EiMgMJLnmUapOvZDJhV64rI4qvegZEQqoAP0SiKxTdOnzaPc+X9Iz0wAoPSXfwZYNiLsVbknnwADlxx+v5cujFO7X5lThCcBrdt5OBzOplsDMmk7uEpbVhER5oLjU0rw9/sWhrxF+hJO4L2QTnwFBpE0o2jTyuCsvS5l1OSjO/IX3M6avQT8oD7zvSQULCaOXmWr1H1 - azcli_aks_live_test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\": - {\n \"clientId\":\"00000000-0000-0000-0000-000000000001\"\n },\n \"addonProfiles\": - {\n \"ingressApplicationGateway\": {\n \"enabled\": true,\n \"config\": - {\n 
\"effectiveApplicationGatewayId\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.Network/applicationGateways/applicationgateway\",\n - \ \"subnetCIDR\": \"10.232.0.0/16\"\n }\n }\n },\n \"nodeResourceGroup\": - \"MC_clitest000001_cliakstest000002_westus2\",\n \"enableRBAC\": true,\n - \ \"enablePodSecurityPolicy\": false,\n \"networkProfile\": {\n \"networkPlugin\": - \"kubenet\",\n \"loadBalancerSku\": \"standard\",\n \"loadBalancerProfile\": - {\n \"managedOutboundIPs\": {\n \"count\": 1\n }\n },\n \"podCidr\": - \"10.244.0.0/16\",\n \"serviceCidr\": \"10.0.0.0/16\",\n \"dnsServiceIP\": - \"10.0.0.10\",\n \"dockerBridgeCidr\": \"172.17.0.1/16\",\n \"outboundType\": - \"loadBalancer\",\n \"podCidrs\": [\n \"10.244.0.0/16\"\n ],\n \"serviceCidrs\": - [\n \"10.0.0.0/16\"\n ],\n \"ipFamilies\": [\n \"IPv4\"\n ]\n - \ },\n \"maxAgentPools\": 100,\n \"disableLocalAccounts\": false,\n \"securityProfile\": - {},\n \"storageProfile\": {\n \"diskCSIDriver\": {\n \"enabled\": - true\n },\n \"fileCSIDriver\": {\n \"enabled\": true\n },\n \"snapshotController\": - {\n \"enabled\": true\n }\n },\n \"oidcIssuerProfile\": {\n \"enabled\": - false\n }\n },\n \"identity\": {\n \"type\": \"SystemAssigned\",\n \"principalId\":\"00000000-0000-0000-0000-000000000001\",\n - \ \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\"\n },\n \"sku\": - {\n \"name\": \"Basic\",\n \"tier\": \"Free\"\n }\n }" - headers: - azure-asyncoperation: - - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/980b6a4f-2102-49d3-b9d7-8d5a1ea97549?api-version=2016-03-30 - cache-control: - - no-cache - content-length: - - '3640' - content-type: - - application/json - date: - - Thu, 02 Jun 2022 06:27:35 GMT - expires: - - '-1' - pragma: - - no-cache - server: - - nginx - strict-transport-security: - - max-age=31536000; 
includeSubDomains - x-content-type-options: - - nosniff - x-ms-ratelimit-remaining-subscription-writes: - - '1196' - status: - code: 201 - message: Created -- request: - body: null - headers: - Accept: - - '*/*' - Accept-Encoding: - - gzip, deflate - CommandName: - - aks create - Connection: - - keep-alive - ParameterSetName: - - --resource-group --name --enable-managed-identity -a --appgw-subnet-prefix - --ssh-key-value -o - User-Agent: - - AZURECLI/2.37.0 azsdk-python-azure-mgmt-containerservice/19.1.0b Python/3.8.10 - (Linux-5.13.0-1025-azure-x86_64-with-glibc2.29) - method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/980b6a4f-2102-49d3-b9d7-8d5a1ea97549?api-version=2016-03-30 - response: - body: - string: "{\n \"name\": \"4f6a0b98-0221-d349-b9d7-8d5a1ea97549\",\n \"status\": - \"InProgress\",\n \"startTime\": \"2022-06-02T06:27:35.8333333Z\"\n }" - headers: - cache-control: - - no-cache - content-length: - - '126' - content-type: - - application/json - date: - - Thu, 02 Jun 2022 06:28:05 GMT - expires: - - '-1' - pragma: - - no-cache - server: - - nginx - strict-transport-security: - - max-age=31536000; includeSubDomains - transfer-encoding: - - chunked - vary: - - Accept-Encoding - x-content-type-options: - - nosniff - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - '*/*' - Accept-Encoding: - - gzip, deflate - CommandName: - - aks create - Connection: - - keep-alive - ParameterSetName: - - --resource-group --name --enable-managed-identity -a --appgw-subnet-prefix - --ssh-key-value -o - User-Agent: - - AZURECLI/2.37.0 azsdk-python-azure-mgmt-containerservice/19.1.0b Python/3.8.10 - (Linux-5.13.0-1025-azure-x86_64-with-glibc2.29) - method: GET - uri: 
https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/980b6a4f-2102-49d3-b9d7-8d5a1ea97549?api-version=2016-03-30 - response: - body: - string: "{\n \"name\": \"4f6a0b98-0221-d349-b9d7-8d5a1ea97549\",\n \"status\": - \"InProgress\",\n \"startTime\": \"2022-06-02T06:27:35.8333333Z\"\n }" - headers: - cache-control: - - no-cache - content-length: - - '126' - content-type: - - application/json - date: - - Thu, 02 Jun 2022 06:28:35 GMT - expires: - - '-1' - pragma: - - no-cache - server: - - nginx - strict-transport-security: - - max-age=31536000; includeSubDomains - transfer-encoding: - - chunked - vary: - - Accept-Encoding - x-content-type-options: - - nosniff - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - '*/*' - Accept-Encoding: - - gzip, deflate - CommandName: - - aks create - Connection: - - keep-alive - ParameterSetName: - - --resource-group --name --enable-managed-identity -a --appgw-subnet-prefix - --ssh-key-value -o - User-Agent: - - AZURECLI/2.37.0 azsdk-python-azure-mgmt-containerservice/19.1.0b Python/3.8.10 - (Linux-5.13.0-1025-azure-x86_64-with-glibc2.29) - method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/980b6a4f-2102-49d3-b9d7-8d5a1ea97549?api-version=2016-03-30 - response: - body: - string: "{\n \"name\": \"4f6a0b98-0221-d349-b9d7-8d5a1ea97549\",\n \"status\": - \"InProgress\",\n \"startTime\": \"2022-06-02T06:27:35.8333333Z\"\n }" - headers: - cache-control: - - no-cache - content-length: - - '126' - content-type: - - application/json - date: - - Thu, 02 Jun 2022 06:29:05 GMT - expires: - - '-1' - pragma: - - no-cache - server: - - nginx - strict-transport-security: - - max-age=31536000; includeSubDomains - transfer-encoding: - - chunked - vary: - - Accept-Encoding - x-content-type-options: - - nosniff - 
status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - '*/*' - Accept-Encoding: - - gzip, deflate - CommandName: - - aks create - Connection: - - keep-alive - ParameterSetName: - - --resource-group --name --enable-managed-identity -a --appgw-subnet-prefix - --ssh-key-value -o - User-Agent: - - AZURECLI/2.37.0 azsdk-python-azure-mgmt-containerservice/19.1.0b Python/3.8.10 - (Linux-5.13.0-1025-azure-x86_64-with-glibc2.29) - method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/980b6a4f-2102-49d3-b9d7-8d5a1ea97549?api-version=2016-03-30 - response: - body: - string: "{\n \"name\": \"4f6a0b98-0221-d349-b9d7-8d5a1ea97549\",\n \"status\": - \"InProgress\",\n \"startTime\": \"2022-06-02T06:27:35.8333333Z\"\n }" - headers: - cache-control: - - no-cache - content-length: - - '126' - content-type: - - application/json - date: - - Thu, 02 Jun 2022 06:29:35 GMT - expires: - - '-1' - pragma: - - no-cache - server: - - nginx - strict-transport-security: - - max-age=31536000; includeSubDomains - transfer-encoding: - - chunked - vary: - - Accept-Encoding - x-content-type-options: - - nosniff - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - '*/*' - Accept-Encoding: - - gzip, deflate - CommandName: - - aks create - Connection: - - keep-alive - ParameterSetName: - - --resource-group --name --enable-managed-identity -a --appgw-subnet-prefix - --ssh-key-value -o - User-Agent: - - AZURECLI/2.37.0 azsdk-python-azure-mgmt-containerservice/19.1.0b Python/3.8.10 - (Linux-5.13.0-1025-azure-x86_64-with-glibc2.29) - method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/980b6a4f-2102-49d3-b9d7-8d5a1ea97549?api-version=2016-03-30 - response: - body: - string: "{\n \"name\": 
\"4f6a0b98-0221-d349-b9d7-8d5a1ea97549\",\n \"status\": - \"InProgress\",\n \"startTime\": \"2022-06-02T06:27:35.8333333Z\"\n }" - headers: - cache-control: - - no-cache - content-length: - - '126' - content-type: - - application/json - date: - - Thu, 02 Jun 2022 06:30:06 GMT - expires: - - '-1' - pragma: - - no-cache - server: - - nginx - strict-transport-security: - - max-age=31536000; includeSubDomains - transfer-encoding: - - chunked - vary: - - Accept-Encoding - x-content-type-options: - - nosniff - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - '*/*' - Accept-Encoding: - - gzip, deflate - CommandName: - - aks create - Connection: - - keep-alive - ParameterSetName: - - --resource-group --name --enable-managed-identity -a --appgw-subnet-prefix - --ssh-key-value -o - User-Agent: - - AZURECLI/2.37.0 azsdk-python-azure-mgmt-containerservice/19.1.0b Python/3.8.10 - (Linux-5.13.0-1025-azure-x86_64-with-glibc2.29) - method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/980b6a4f-2102-49d3-b9d7-8d5a1ea97549?api-version=2016-03-30 - response: - body: - string: "{\n \"name\": \"4f6a0b98-0221-d349-b9d7-8d5a1ea97549\",\n \"status\": - \"InProgress\",\n \"startTime\": \"2022-06-02T06:27:35.8333333Z\"\n }" - headers: - cache-control: - - no-cache - content-length: - - '126' - content-type: - - application/json - date: - - Thu, 02 Jun 2022 06:30:35 GMT - expires: - - '-1' - pragma: - - no-cache - server: - - nginx - strict-transport-security: - - max-age=31536000; includeSubDomains - transfer-encoding: - - chunked - vary: - - Accept-Encoding - x-content-type-options: - - nosniff - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - '*/*' - Accept-Encoding: - - gzip, deflate - CommandName: - - aks create - Connection: - - keep-alive - ParameterSetName: - - --resource-group --name 
--enable-managed-identity -a --appgw-subnet-prefix - --ssh-key-value -o - User-Agent: - - AZURECLI/2.37.0 azsdk-python-azure-mgmt-containerservice/19.1.0b Python/3.8.10 - (Linux-5.13.0-1025-azure-x86_64-with-glibc2.29) - method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/980b6a4f-2102-49d3-b9d7-8d5a1ea97549?api-version=2016-03-30 - response: - body: - string: "{\n \"name\": \"4f6a0b98-0221-d349-b9d7-8d5a1ea97549\",\n \"status\": - \"InProgress\",\n \"startTime\": \"2022-06-02T06:27:35.8333333Z\"\n }" - headers: - cache-control: - - no-cache - content-length: - - '126' - content-type: - - application/json - date: - - Thu, 02 Jun 2022 06:31:06 GMT - expires: - - '-1' - pragma: - - no-cache - server: - - nginx - strict-transport-security: - - max-age=31536000; includeSubDomains - transfer-encoding: - - chunked - vary: - - Accept-Encoding - x-content-type-options: - - nosniff - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - '*/*' - Accept-Encoding: - - gzip, deflate - CommandName: - - aks create - Connection: - - keep-alive - ParameterSetName: - - --resource-group --name --enable-managed-identity -a --appgw-subnet-prefix - --ssh-key-value -o - User-Agent: - - AZURECLI/2.37.0 azsdk-python-azure-mgmt-containerservice/19.1.0b Python/3.8.10 - (Linux-5.13.0-1025-azure-x86_64-with-glibc2.29) - method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/westus2/operations/980b6a4f-2102-49d3-b9d7-8d5a1ea97549?api-version=2016-03-30 - response: - body: - string: "{\n \"name\": \"4f6a0b98-0221-d349-b9d7-8d5a1ea97549\",\n \"status\": - \"Succeeded\",\n \"startTime\": \"2022-06-02T06:27:35.8333333Z\",\n \"endTime\": - \"2022-06-02T06:31:24.6009563Z\"\n }" - headers: - cache-control: - - no-cache - content-length: - - '170' - content-type: - - 
application/json - date: - - Thu, 02 Jun 2022 06:31:36 GMT - expires: - - '-1' - pragma: - - no-cache - server: - - nginx - strict-transport-security: - - max-age=31536000; includeSubDomains - transfer-encoding: - - chunked - vary: - - Accept-Encoding - x-content-type-options: - - nosniff - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - '*/*' - Accept-Encoding: - - gzip, deflate - CommandName: - - aks create - Connection: - - keep-alive - ParameterSetName: - - --resource-group --name --enable-managed-identity -a --appgw-subnet-prefix - --ssh-key-value -o - User-Agent: - - AZURECLI/2.37.0 azsdk-python-azure-mgmt-containerservice/19.1.0b Python/3.8.10 - (Linux-5.13.0-1025-azure-x86_64-with-glibc2.29) - method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2022-05-02-preview - response: - body: - string: "{\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002\",\n - \ \"location\": \"westus2\",\n \"name\": \"cliakstest000002\",\n \"type\": - \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\": {\n \"provisioningState\": - \"Succeeded\",\n \"powerState\": {\n \"code\": \"Running\"\n },\n \"kubernetesVersion\": - \"1.22.6\",\n \"currentKubernetesVersion\": \"1.22.6\",\n \"dnsPrefix\": - \"cliakstest-clitestxjvd625rb-8ecadf\",\n \"fqdn\": \"cliakstest-clitestxjvd625rb-8ecadf-46e7c305.hcp.westus2.azmk8s.io\",\n - \ \"azurePortalFQDN\": \"cliakstest-clitestxjvd625rb-8ecadf-46e7c305.portal.hcp.westus2.azmk8s.io\",\n - \ \"agentPoolProfiles\": [\n {\n \"name\": \"nodepool1\",\n \"count\": - 3,\n \"vmSize\": \"Standard_DS2_v2\",\n \"osDiskSizeGB\": 128,\n \"osDiskType\": - \"Managed\",\n \"kubeletDiskType\": \"OS\",\n \"workloadRuntime\": - \"OCIContainer\",\n 
\"maxPods\": 110,\n \"type\": \"VirtualMachineScaleSets\",\n - \ \"enableAutoScaling\": false,\n \"provisioningState\": \"Succeeded\",\n - \ \"powerState\": {\n \"code\": \"Running\"\n },\n \"orchestratorVersion\": - \"1.22.6\",\n \"enableNodePublicIP\": false,\n \"enableCustomCATrust\": - false,\n \"mode\": \"System\",\n \"enableEncryptionAtHost\": false,\n - \ \"enableUltraSSD\": false,\n \"osType\": \"Linux\",\n \"osSKU\": - \"Ubuntu\",\n \"nodeImageVersion\": \"AKSUbuntu-1804gen2containerd-2022.05.16\",\n - \ \"enableFIPS\": false\n }\n ],\n \"linuxProfile\": {\n \"adminUsername\": - \"azureuser\",\n \"ssh\": {\n \"publicKeys\": [\n {\n \"keyData\": - \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCfHAws2mKUr7m0Nr7rsXv80E79Dxfa95HPax+o9LqnPAxxa6WEaaLh8csiM15TOL4DBSGxfUisO61Qdx6zMDV3R0jIx9R2UQ94OEjjN0wi1LwbuESMCLoJvsI41U3+QD871NJVWQ+ySSlG9EiMgMJLnmUapOvZDJhV64rI4qvegZEQqoAP0SiKxTdOnzaPc+X9Iz0wAoPSXfwZYNiLsVbknnwADlxx+v5cujFO7X5lThCcBrdt5OBzOplsDMmk7uEpbVhER5oLjU0rw9/sWhrxF+hJO4L2QTnwFBpE0o2jTyuCsvS5l1OSjO/IX3M6avQT8oD7zvSQULCaOXmWr1H1 - azcli_aks_live_test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\": - {\n \"clientId\":\"00000000-0000-0000-0000-000000000001\"\n },\n \"addonProfiles\": - {\n \"ingressApplicationGateway\": {\n \"enabled\": true,\n \"config\": - {\n \"effectiveApplicationGatewayId\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.Network/applicationGateways/applicationgateway\",\n - \ \"subnetCIDR\": \"10.232.0.0/16\"\n },\n \"identity\": {\n \"resourceId\": - \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/ingressapplicationgateway-cliakstest000002\",\n - \ \"clientId\":\"00000000-0000-0000-0000-000000000001\",\n \"objectId\":\"00000000-0000-0000-0000-000000000001\"\n - \ }\n }\n },\n \"nodeResourceGroup\": 
\"MC_clitest000001_cliakstest000002_westus2\",\n - \ \"enableRBAC\": true,\n \"enablePodSecurityPolicy\": false,\n \"networkProfile\": - {\n \"networkPlugin\": \"kubenet\",\n \"loadBalancerSku\": \"Standard\",\n - \ \"loadBalancerProfile\": {\n \"managedOutboundIPs\": {\n \"count\": - 1\n },\n \"effectiveOutboundIPs\": [\n {\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.Network/publicIPAddresses/5b730d85-eaf6-48cf-b647-0aa77084a878\"\n - \ }\n ]\n },\n \"podCidr\": \"10.244.0.0/16\",\n \"serviceCidr\": - \"10.0.0.0/16\",\n \"dnsServiceIP\": \"10.0.0.10\",\n \"dockerBridgeCidr\": - \"172.17.0.1/16\",\n \"outboundType\": \"loadBalancer\",\n \"podCidrs\": - [\n \"10.244.0.0/16\"\n ],\n \"serviceCidrs\": [\n \"10.0.0.0/16\"\n - \ ],\n \"ipFamilies\": [\n \"IPv4\"\n ]\n },\n \"maxAgentPools\": - 100,\n \"identityProfile\": {\n \"kubeletidentity\": {\n \"resourceId\": - \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000002_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cliakstest000002-agentpool\",\n - \ \"clientId\":\"00000000-0000-0000-0000-000000000001\",\n \"objectId\":\"00000000-0000-0000-0000-000000000001\"\n - \ }\n },\n \"disableLocalAccounts\": false,\n \"securityProfile\": - {},\n \"storageProfile\": {\n \"diskCSIDriver\": {\n \"enabled\": - true\n },\n \"fileCSIDriver\": {\n \"enabled\": true\n },\n \"snapshotController\": - {\n \"enabled\": true\n }\n },\n \"oidcIssuerProfile\": {\n \"enabled\": - false\n }\n },\n \"identity\": {\n \"type\": \"SystemAssigned\",\n \"principalId\":\"00000000-0000-0000-0000-000000000001\",\n - \ \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\"\n },\n \"sku\": - {\n \"name\": \"Basic\",\n \"tier\": \"Free\"\n }\n }" - headers: - cache-control: - - no-cache - content-length: - - '4667' - content-type: - - application/json - date: - - Thu, 02 Jun 2022 06:31:36 GMT 
- expires: - - '-1' - pragma: - - no-cache - server: - - nginx - strict-transport-security: - - max-age=31536000; includeSubDomains - transfer-encoding: - - chunked - vary: - - Accept-Encoding - x-content-type-options: - - nosniff - status: - code: 200 - message: OK -version: 1 diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py index ccc4b07b80e..3d601d993b5 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py @@ -3,22 +3,21 @@ # Licensed under the MIT License. See License.txt in the project root for license information. # -------------------------------------------------------------------------------------------- -import base64 import os import pty import subprocess import tempfile -from azure.cli.testsdk import ( - ScenarioTest, live_only) +from azext_aks_preview.tests.latest.custom_preparers import ( + AKSCustomResourceGroupPreparer, +) +from azext_aks_preview.tests.latest.recording_processors import KeyReplacer from azure.cli.command_modules.acs._format import version_to_tuple -from azure.cli.testsdk import CliTestError +from azure.cli.core.azclierror import BadRequestError +from azure.cli.testsdk import CliTestError, ScenarioTest, live_only from azure.cli.testsdk.scenario_tests import AllowLargeResponse -from knack.util import CLIError from azure.core.exceptions import HttpResponseError - -from .recording_processors import KeyReplacer -from .custom_preparers import AKSCustomResourceGroupPreparer +from knack.util import CLIError def _get_test_data_file(filename): 
@@ -281,26 +280,6 @@ def test_aks_create_with_ingress_appgw_addon(self, resource_group, resource_grou 'addonProfiles.ingressApplicationGateway.config.subnetCIDR', "10.232.0.0/16") ]) - @AllowLargeResponse() - @AKSCustomResourceGroupPreparer(random_name_length=17, name_prefix='clitest', location='westus2') - def test_aks_create_with_ingress_appgw_addon_with_deprecated_subet_prefix(self, resource_group, resource_group_location): - aks_name = self.create_random_name('cliakstest', 16) - self.kwargs.update({ - 'resource_group': resource_group, - 'name': aks_name, - 'ssh_key_value': self.generate_ssh_keys() - }) - - create_cmd = 'aks create --resource-group={resource_group} --name={name} --enable-managed-identity ' \ - '-a ingress-appgw --appgw-subnet-prefix 10.232.0.0/16 ' \ - '--ssh-key-value={ssh_key_value} -o json' - self.cmd(create_cmd, checks=[ - self.check('provisioningState', 'Succeeded'), - self.check('addonProfiles.ingressApplicationGateway.enabled', True), - self.check( - 'addonProfiles.ingressApplicationGateway.config.subnetCIDR', "10.232.0.0/16") - ]) - @live_only() @AllowLargeResponse() @AKSCustomResourceGroupPreparer(random_name_length=17, name_prefix='clitest', location='westus2') @@ -4336,7 +4315,7 @@ def test_aks_create_web_application_routing_dns_zone_not_exist(self, resource_gr try: self.cmd(create_cmd, checks=[]) raise Exception("didn't get expected failure") - except HttpResponseError: + except (HttpResponseError, BadRequestError): # expected failure pass diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py b/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py index 66bcc7bd37a..146be9689b6 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py 
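Review bot: In `test_aks_create_web_application_routing_dns_zone_not_exist`, widening the handler to `except (HttpResponseError, BadRequestError):` with a bare `pass` lets the test succeed on any error of either type, not only the missing DNS zone the test is named for; an unrelated rejection (quota, authorization, region) would be accepted as the expected failure. Capturing the exception and asserting on its content keeps the test tied to the intended case, for example `with self.assertRaises((HttpResponseError, BadRequestError)) as cm:` around `self.cmd(create_cmd, checks=[])`, followed by a check on `str(cm.exception)`. The expected message text is not visible in this hunk and has to be taken from the actual service response. The test body starts outside the hunk.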
@@ -793,22 +793,6 @@ def test_get_workload_identity_profile__update_not_set(self): ctx.attach_mc(self.models.ManagedCluster(location="test_location")) self.assertIsNone(ctx.get_workload_identity_profile()) - def test_get_workload_identity_profile__update_with_enable_and_disable(self): - ctx = AKSPreviewManagedClusterContext( - self.cmd, - AKSManagedClusterParamDict( - { - "enable_workload_identity": True, - "disable_workload_identity": True, - } - ), - self.models, - decorator_mode=DecoratorMode.UPDATE, - ) - ctx.attach_mc(self.models.ManagedCluster(location="test_location")) - with self.assertRaises(MutuallyExclusiveArgumentError): - ctx.get_workload_identity_profile() - def test_get_workload_identity_profile__update_with_enable_without_oidc_issuer(self): ctx = AKSPreviewManagedClusterContext( self.cmd, @@ -864,7 +848,7 @@ def test_get_workload_identity_profile__update_with_disable(self): self.cmd, AKSManagedClusterParamDict( { - "disable_workload_identity": True, + "enable_workload_identity": False, } ), self.models,